This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 57.99999999999999%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETR%3C/text%3E%3C/svg%3E)
Hello All experts!
Please help me on this problem or point me to the right direction. Thanks
We have SP 2019 on premises 2FE + 2APP + 1DB, NetScaler for SSL offloading
We have many host name site collections
I have configured NetScaler and SP 2019 as per documentation says - root site collection on hhtp:// and all other site collections are on https:// This is my structure http://mysite.domain.com, https://a.domain.com, https://b.domain.com.
From client machine all these URLs are accessible without any problem. Here is my problem. HTTPS URLs are not accessible directly from server. the impact is Search service is not working. Crawler is not able to access any of https site collection.
Please help me out and thanks in advance.
Is there a reason you're using SSL Offloading? It is generally considered insecure as data can be sniffed between the Netscaler and SharePoint. When using OAuth tokens (i.e. Office Online Server, SharePoint Addins, etc.), they depend on transport security. An intercepted plain text OAuth token can be replayed and the attacker will be granted the same level of access as the user who made the request.
It is organization decision to apply certificates only at load balancer level for easy management. They do not allow to install certificates on individual servers.
It is internal application and not exposed externally.
As most attacks (70%+) originate from within the network, encryption is important at all layers. Defense in depth!
If the “HTTPS URLs are not accessible directly from server” then the SSL Offloading is possibly not configured properly. Please see the article here for explanation and tutorial: Configuring Citrix Netscaler for SharePoint SSL Offloading.
You can then add the HTTPS URLs (Default zone) to the Content Source to be accessible by Crawler, referring to another post here: Sharepiont 2013 Search is not working on Https Site.
Note that SSL certification needs to be installed and added to Certificate store.
Another post for your reference: Enabling SSL on Sharepoint site and Offloading Certificate with F5.
*Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link. *
If an Answer is helpful, please click "Accept Answer" and upvote it.
**Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. **
Hi @Tayyab Rana , do you have any progress on this thread? Please feel free to let us know if you need further assistance.
Well. It is very interesting. I have configured my environment as per the above instructions. But it was not working for me till last week. I was absolutely disappointed and assumed that it will not work. As a last try I have deleted everything and reinstalled SharePoint. Do you know what happened? It is working now.
Thanks for your help.
Glad to know that. I do not really have much to give from here, if you have concern about your SharePoint farm, it is better that you open a ticket with Microsoft so that a dedicated Technical Professional can have a look.
But everything should be working fine by now since your configuration is working. You can go through the System Event Viewer and the SharePoint Health Analyzer to see if there is any potential issue you can fix from your end.